*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
Identifier: CVE-2024-29990
Exploit or POC: No
Update: CVE-2024-29990 – Security Update Guide
Description: CVE-2024-29990 allows for elevation of privileges. Authentication and user interaction are not required for successful exploitation of this vulnerability. This vulnerability could allow an adversary to access Azure Kubernetes Container Services (i.e. AKS node and Confidential Container) to achieve control over confidential guest accounts and containers beyond the AKS (Azure Kubernetes Service) security scope. Subsequently, also allowing for credential theft.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29990 – Security Update Guide.
Identifier: CVE-2024-29988
Exploit or POC: No
Update: CVE-2024-29988 – Security Update Guide
Description: CVE-2024-29988 allows for security bypassing. User interaction is required to successfully exploit this vulnerability. This vulnerability requires that an adversary employ social engineering tactics to convince an unwitting user to launch malicious files using a launcher application that mandates the UI does not display.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29988 – Security Update Guide.
Identifier: CVE-2024-29053
Exploit or POC: No
Update: CVE-2024-29053 – Security Update Guide
Description: CVE-2024-29053 allows for remote code execution. This vulnerability does not require user interaction however, authentication is a prerequisite for successful exploitation. The successful exploitation of this vulnerability could allow an adversary to upload malicious files to confidential locations on the target server.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29053 – Security Update Guide.
Identifier: CVE-2024-20678
Exploit or POC: No
Update: CVE-2024-20678 – Security Update Guide
Description: CVE-2024-20678 allows for remote code execution. This vulnerability does not require user interaction or administrative privileges for exploitation. The successful exploitation of this vulnerability could allow an authenticated adversary to send specially crafted RPC calls to an RPC host. Thereby triggering arbitrary code execution on the server side with equivalent permissions to the RPC service.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-20678 – Security Update Guide.
Identifier: CVE-2024-26179
Exploit or POC: No
Update: CVE-2024-26179 – Security Update Guide
Description: CVE-2024-26179 allows for remote code execution. User interaction is required for successful exploitation. This vulnerability can be exploited after a user has initiated connection to a malicious server. Thus, allowing an adversary to achieve remote code execution on the target user environment.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-26179 – Security Update Guide.
Identifier: CVE-2024-26241
Exploit or POC: No
Update: CVE-2024-26241 – Security Update Guide
Description: CVE-2024-26241 allows for elevation of privileges. The successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an adversary to achieve SYSTEM privileges following successful exploitation.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-26241 – Security Update Guide.
Identifier: CVE-2024-28903 & CVE-2024-28921
Exploit or POC: No
Update: CVE-2024-28903 – Security Update Guide & CVE-2024-28921 – Security Update Guide
Description: CVE-2024-28903 & CVE-2024-28921 allow for security bypassing. Successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an adversary to bypass Secure Boot.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-28903 – Security Update Guide and the CVE-2024-28921 – Security Update Guide.